Personnel Security (PERSEC) still remains a challenge for DISP Members

The Defence Industry Security Program normally requires a security clearance at some level to work on defence projects and get access to sensitive information – but not at Entry Level. Recent changes to DISP mean that your personnel security measures must include an initial suitability assessment, an ongoing suitability regime and a way to ensure that separating personnel have been briefed and a risk assessment conducted at that time. Suitability is a technical term. The important thing to understand is that DISP Members must have these policies for security cleared AND non-security cleared personnel. In short, your entire Workforce needs to be a Trusted Workforce.

In August 2022 the DSPF was changed:

 

Previously, a DISP Member only needed to read the Employment Screening Standards – and everything else was a suggestion:

We have discussed some of the deficiencies relating to the old AS4811 2006 here.

Because it was so low level, there were other standards worth considering – but again, they were quite vague:

ISO/IEC 27001:2013 A.7.1 – To ensure that employees and contractors are suitable for the roles for which they are considered. “When an individual is hired for a specific information security role, organisations should make sure the candidate can be trusted to take on the role.”

ISM P10: “Only trusted and vetted personnel are granted access to systems, applications and data repositories” and Security Control 0434 “Personnel undergo appropriate employment screening, and where necessary hold an appropriate security clearance, before being granted access to a system and its resources.”

Now, Defence are making DISP Members align their practices with the Protective Security Policy Framework (PSPF) for Initial Suitability (PSPF12), ongoing suitability (PSPF13) and separating personnel (PSPF14) – regardless of the workforce’s AGSVA clearance status.

Defence Industry Security Branch have said that “Going forward you will need to implement the AS4811-2022 standard to remain compliant with your DISP membership. Existing DISP members will need to ensure they are compliant with the AS4811-2022 standard by the time their Annual Security Report is due.”

 

The new AS 4811-2022 standard includes a one-on-one suitability interview & risk assessment for every candidate:

An example of a Defence ‘suitability criteria’ can be found here.

This is a fundamental change and a monumental shift that many entities have no experience in.

The PSPF12 C.1.a notes that pre-employment screening is a pre-employment check that provides a level of assurance about the individual’s suitability to access Australian Government resources. Suitability is defined in C.3.3.45 as honesty, trustworthiness, tolerance, maturity, loyalty and resilience. The Personnel Security Adjudicative Guidelines provide the common risk factor areas (allegiance, criminal history, financial, security violations & breaches, personal conduct, substance use, mental health) against which suitability is assessed. The PSPF goes on to say that you need to use a process of structured professional judgement to achieve an overall determination – this makes sure that a deep, non-discriminatory process occurs.

As an aside, practically speaking, even a Police check (on its own) cannot make a determination of suitability – it only captures 1 of 7 areas of a person’s life. But then what do you do if there is a red flag on the Police record? A one-on-one background interview (such as Cleard Life’s C0-CL3) is essential, and an assessment/analysis needs to be conducted. Are you doing this, will you do this? Who will do this – your Security Officer, or perhaps your Hiring Manager? Do they have the expertise to get the right information from the candidate and then process the information in a standardised way?

Part 2. AGSVA Cleared staff: A security clearance is the official status given to someone who has been checked and vetted for eligibility and suitability to access and work with security classified resources. It gives access to certain know-how and know-why information, with a higher clearance corresponding to higher national security sensitivity. Whether your candidate is eligible and suitable to hold a security clearance is only determined after certain levels of assessments and background checks. These assessments are done to ensure that people entrusted with access to security classified information or resources are trustworthy.

As a part of the new DISP overhaul, a DISP member can sponsor their own workforce’s AGSVA security clearances (and DISP Level 1 & above). 

But note that you must do a suitability assessment prior to ordering an AGSVA clearance.

Although sponsoring clearances is a groundbreaking step in the right direction, it also means that, for the very first time in history, personnel security responsibilities fall directly onto the 7,000 SMEs who are responsible for the ongoing suitability of their 50,000+ security clearances! For an industry that may never have done this before, this is a profound shift which will require expertise and rapid maturity.

Here are the two most common questions we hear about security clearances:

1. How can our candidates get a security clearance?

A security clearance can only be processed through www.agsva.gov.au via DOSD. An individual cannot sponsor a clearance personally. The DISP Member’s (Governance Level 1-3) Security Officer nominates people for clearances against a specific project and uses their own DSAP (designated security assessed position) in their Security Register. Talk to us if you are aspiring for a higher level. Security Officers now need to make sure candidates are suitable before commencing clearance actions.

2. How long does it take to get a security clearance?

It varies. Depending on the type of clearance required and traceability of the individual’s history it may take 10 weeks or if complex, years. That is a lot of employment risk if you are going in blind. Officially, AGSVA states the below:

The far right column above only starts ticking when the CS e-pack submission has been accepted as correct (AGSVA note that 50% of packages are rejected and need to be returned to the clearance subject for re-submission).

So in reality give yourself: Baseline 2.5 months, NV1 4.5 months, NV2 6 months, PV 11 months.

Due to the risk, the time delays and the process itself, your legal team may want the employment contract condition to include the terms – “Subject to a security clearance being obtained and retained through AGSVA.”

THEN … fingers crossed that your candidate/applicant/recruit is non-complex. If they are complex, then this will blow out your timeframes five-fold.

 


The ANAO table above indicates that the higher the clearance type, the higher the risk of the clearance subject not getting a clearance. The stats are clear: Not everyone can get a national security clearance. So a DISP company is blind to the risks and may have to wait months and months before they get an outcome so that the employee can start work. Compound that with the new ANAO report that states that there is a 20%-25% probability that the candidate will never get a clearance.

What can the security team and/or HR do to make sure that the candidate they choose will be able to get through the national security vetting process smoothly and without delays?

Two things. #1. Many delays can be avoided by “pre-vetting” candidates in a way that anticipates a national security clearance outcome before it begins. This cannot be accomplished with a police check or an ID check. It needs to be a suitability assessment, completed by official and qualified vetting officers – at the right level. We know of only one group offering this service in Australia. This pre-vetting suitability assessment can be done inside the recruitment process. #2. The second thing you can now do (which has never been offered in Australia until now) is to add a facilitation service that sponsors/initiates the clearance on your behalf and then guides the applicant through the e-pack submission and the official vetting assessment – no matter how complex the person’s background is. It can be a very stressful time for everyone concerned and there can be murky waters navigating through a national security clearance process. Having a fellow DISP Member, vetting experts and a security officer by your side and on your side will help. When granted, you have the option of re-assignment or for us to maintain it on your behalf.

By using a facilitation service, DISP companies have the peace of mind and confidence that they have reduced the risk of an adverse or unfavourable AGSVA decision and reduced the likelihood of an abandoned clearance application. This also stops the company from having to start the recruitment process from scratch.

CONCLUSION:

1. Ask about our Cleard Plus program that not only ‘speeds up’ and ‘smooths out’ the official AGSVA security clearance process, but also actively manages ongoing suitability (PSPF13) and separating personnel (PSPF14).

2. We can also assist you with a 4811 Bundle that certifies your workforce for DISP compliance:

Talk to us about your DISP-related personnel security issues – through our Cleard Plus program.

Contact us today for a confidential discussion or call us on 02-6171-4171.

 

Read more:

DISP Members should also review these:

DISP Members and Departments now require an Employee Suitability Check before Requesting a National Security Clearance!

https://www.cleard.life/disp-member-are-your-personnel-security-persec-measures-as-4811-2006-suitable/

Why Should Businesses Use A Managed Personnel Security Services Provider? (Never heard of this before)

Defence to DISP Applicant: Show me Evidence of your Insider Threat Program (ITP).

 

Post Script considerations:

 

Clearance Subjects – we recommend that you:

  • Disclose all relevant and required information.
  • Cooperate in the collection of personal documentation and corroborating evidence.
  • Answer questions fully and honestly and
  • Provide accurate information and personal documentation.

Usually it is only Australian citizens with a verifiable background that are eligible for an Australian government security clearance. One will be asked to provide evidence of Australian Citizenship details. Additionally, people who have stayed more than 12 months outside of Australia must be verified from independent and reliable sources. These background checks are done inside the vetting process.

Some Clearance Subjects are expected to be assessed as suitable to obtain and maintain the highest-level clearance: a Positive Vetting (PV) security clearance. The minimum mandatory checks for a PV clearance to establish a person’s suitability include:

  • Verification of identity
  • Background checks
  • Financial probity checks
  • Referee checks
  • Digital footprint checks
  • Psychological Assessment
  • Security Interview

To be considered suitable to hold a security clearance, at any level, the Clearance Subject needs to possess and demonstrate an appropriate level of integrity and not be vulnerable to influence or coercion. The specific character traits are:

  • Honesty
  • Trustworthiness
  • Tolerance
  • Maturity
  • Loyalty
  • Resilience